Methodology for validating security tools for mobile devices

Authors

Keywords:

CC, cyber security, IT security, methodology security, mobile security

Abstract

Users of mobile phone devices require up-to-date information in real time. Many users are unaware of existing vulnerabilities, threats, and the protective measures that mitigate potential attacks. This article presents the design of a methodology for validating security tools aimed at users of mobile devices. For its development, a theoretical review of information security in mobile environments was carried out, along with an analysis consisting of a Similarity Study between Models and Standards (MSSS) covering the main standards related to computer security, such as ISO 27001, NIST 800-30, COBIT 5, and the recommendations of the OWASP Mobile Security Project. As a result, a simple methodology called Ms-DisMov was designed by merging the PDCA cycle of ISO 27001 with the scenarios of the OWASP Mobile Top 10 2016. This harmonizes the two approaches on a solid basis; by its structure, the methodology adapts to work with any tool that is aligned with the OWASP scenarios, allowing users to protect the information contained in their mobile devices.



Published

2017-12-30

How to Cite

Erreyes, D., & Ponce, D. (2017). Metodología de validación de herramientas para la seguridad en dispositivos móviles. Maskana, 8(1), 9–19. Retrieved from https://publicaciones.ucuenca.edu.ec/ojs/index.php/maskana/article/view/1962


Section

First Congress of Computer Science